James Rogers wrote:
I'm having a problem getting OpenAFS 1.4.3 and KfW 2.6.5 working
properly. I'm working on Windows XP SP2 joined to a Windows 2003 Active
Directory domain. I installed and configured both clients (OpenAFS and
KfW). When I login to the domain with my user account I get AFS tokens
and Kerberos V tickets (per the leash32 gui), but I receive an "Access
is Denied" message when attempting to navigate to any AFS directory such
as: \\afs\nd.edu\. I'm not sure if this is of any relevance, but our
Active Directory domain and our MIT Kerberos V realm are named the same
("ND.EDU").
If the AD domain and the Kerberos realm have the same name (but not the same
KDCs) you have a problem.
Some code will see [EMAIL PROTECTED] and try and use the KDCs for AD. Some code
will try and use your MIT Kerberos V realm. AFS will only be the first
of many problems you will have you you try and use the same realm name
for both. (For example the DNS SRV records can only point at one. KfW
if it imports tickets from Windows then trys to use the TGT against
you MIT Kerberos V realm.
Options:
Rename one of the realms, and maybe use cross realm between them.
Just use the AD KDCs for everything.
I disabled the use of Kerberos IV because I need to get pure Kerb5
authentication working so we can plan to phase out its use here at Notre
Dame.
Any ideas what could be causing this problem?
--James
Univ. of Notre Dame
Systems Engineer
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info